@azeth/provider 0.2.0

package/dist/examples/pricing-routes.js

@@ -0,0 +1,77 @@
+import { Hono } from 'hono';
+import { AzethError, TOKENS } from '@azeth/common';
+import { paymentMiddlewareFromHTTPServer } from '@x402/hono';
+import { isSupportedCoin, getPrice, getFreshPrice } from './price-feed.js';
+import { preSettledPaymentMiddleware } from '../middleware/pre-settled.js';
+/** Create the x402-gated pricing routes.
+ *
+ *  Uses @x402/hono middleware for V2 protocol support including:
+ *  - PAYMENT-SIGNATURE / PAYMENT-RESPONSE headers (v2)
+ *  - SIWx wallet-based sessions (pay once, then access via wallet sig)
+ *  - Payment agreement extension (subscription terms in 402 response)
+ *  - Pre-settled smart account payments (X-Payment-Tx header bypass)
+ *
+ *  When httpServer is null, all routes return 503 (graceful degradation).
+ */
+export function createPricingRoutes(httpServer) {
+    const app = new Hono();
+    if (!httpServer) {
+        app.get('/:coinId', (c) => {
+            return c.json({
+                error: {
+                    code: 'SERVICE_UNAVAILABLE',
+                    message: 'Price feed requires x402 facilitator configuration',
+                },
+            }, 503);
+        });
+        return app;
+    }
+    // Pre-settled payment verification — checks X-Payment-Tx header for smart account payments.
+    // If a valid on-chain Transfer is found, sets paymentTxHash/paymentFrom/paymentAmount context
+    // and skips the x402 facilitator settlement (payment already happened via UserOp).
+    const payTo = (process.env['X402_PAY_TO'] ?? '');
+    const chainName = (process.env['AZETH_CHAIN'] ?? 'baseSepolia');
+    // Use chain-aware USDC address from TOKENS constants (not env var, which may be for a different chain)
+    const usdcAddress = TOKENS[chainName].USDC;
+    const priceStr = process.env['X402_PRICE_FEED_PRICE'] ?? '$0.01';
+    // Parse price string like "$0.01" to atomic USDC (6 decimals)
+    const priceNum = parseFloat(priceStr.replace('$', ''));
+    const priceAtomicAmount = BigInt(Math.round(priceNum * 1e6));
+    if (payTo && usdcAddress) {
+        app.use('*', preSettledPaymentMiddleware({
+            payTo,
+            usdcAddress,
+            priceAtomicAmount,
+            rpcUrl: process.env['AZETH_RPC_URL'] ?? process.env['BASE_RPC_URL'],
+            chainName,
+        }));
+    }
+    // x402 V2 middleware — handles 402, verify, settle, SIWx, extensions.
+    // Skipped when pre-settled payment was verified (preSettledVerified flag set).
+    app.use('*', async (c, next) => {
+        if (c['preSettledVerified']) {
+            return next();
+        }
+        return paymentMiddlewareFromHTTPServer(httpServer)(c, next);
+    });
+    // Price data handler — pure business logic, no payment context needed.
+    // Payment info (amount, settlement tx) is in response headers via standard x402 protocol:
+    // - PAYMENT-RESPONSE header contains { success, transaction, network }
+    app.get('/:coinId', async (c) => {
+        const coinId = c.req.param('coinId');
+        if (!isSupportedCoin(coinId)) {
+            throw new AzethError('Unsupported coin', 'INVALID_INPUT', {
+                coinId,
+                supported: [
+                    'bitcoin', 'ethereum', 'solana', 'usd-coin', 'chainlink',
+                    'aave', 'uniswap', 'maker', 'compound-governance-token',
+                ],
+            });
+        }
+        const fresh = c.req.query('fresh') === 'true';
+        const data = fresh ? await getFreshPrice(coinId) : await getPrice(coinId);
+        return c.json({ data });
+    });
+    return app;
+}
+//# sourceMappingURL=pricing-routes.js.map

package/dist/examples/pricing-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pricing-routes.js","sourceRoot":"","sources":["../../src/examples/pricing-routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,MAAM,EAA2B,MAAM,eAAe,CAAC;AAC5E,OAAO,EAAE,+BAA+B,EAAE,MAAM,YAAY,CAAC;AAG7D,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC3E,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAC;AAE3E;;;;;;;;;GASG;AACH,MAAM,UAAU,mBAAmB,CAAC,UAAyC;IAC3E,MAAM,GAAG,GAAG,IAAI,IAAI,EAAe,CAAC;IAEpC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE;YACxB,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,KAAK,EAAE;oBACL,IAAI,EAAE,qBAAqB;oBAC3B,OAAO,EAAE,oDAAoD;iBAC9D;aACF,EACD,GAAG,CACJ,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC;IACb,CAAC;IAED,4FAA4F;IAC5F,8FAA8F;IAC9F,mFAAmF;IACnF,MAAM,KAAK,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAkB,CAAC;IAClE,MAAM,SAAS,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,aAAa,CAAuB,CAAC;IACtF,uGAAuG;IACvG,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,IAAqB,CAAC;IAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,OAAO,CAAC;IACjE,8DAA8D;IAC9D,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IACvD,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,GAAG,CAAC,CAAC,CAAC;IAE7D,IAAI,KAAK,IAAI,WAAW,EAAE,CAAC;QACzB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,2BAA2B,CAAC;YACvC,KAAK;YACL,WAAW;YACX,iBAAiB;YACjB,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;YACnE,SAAS;SACV,CAAC,CAAC,CAAC;IACN,CAAC;IAED,sEAAsE;IACtE,+EAA+E;IAC/E,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QAC7B,IAAK,CAAwC,CAAC,oBAAoB,CAAC,EAAE,CAAC;YACpE,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QACD,OAAO,+BAA+B,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,uEAAuE;IACvE,0FAA0F;IAC1F,uEAAuE;IACvE,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC9B,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAErC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,UAAU,CAAC,kBAAkB,EAAE,eAAe,EAAE;gBACxD,MAAM;gBACN,SAAS,EAAE;oBACT,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW;oBACxD,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,2BAA2B;iBACxD;aACF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,MAAM,CAAC;QAC9C,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,MAAM,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAE1E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/extensions/payment-agreement.d.ts

@@ -0,0 +1,37 @@
+import type { ResourceServerExtension } from '@x402/core/types';
+/** Payment agreement terms advertised in the 402 response.
+ *  Tells clients they can create an on-chain agreement instead of paying per-request. */
+export interface AgreementTerms {
+    /** Service payee address */
+    payee: `0x${string}`;
+    /** Payment token address (e.g., USDC) */
+    token: `0x${string}`;
+    /** PaymentAgreementModule contract address */
+    moduleAddress: `0x${string}`;
+    /** Minimum amount per interval in token smallest units */
+    minAmountPerInterval: string;
+    /** Suggested interval in seconds (e.g., 86400 for daily) */
+    suggestedInterval: number;
+}
+/** Extension key used in 402 response extensions object */
+export declare const PAYMENT_AGREEMENT_KEY = "payment-agreement";
+/** Create a custom ResourceServerExtension that adds agreement terms to the 402 response.
+ *
+ *  Clients see in the 402 response:
+ *  ```json
+ *  {
+ *    "extensions": {
+ *      "payment-agreement": {
+ *        "acceptsAgreements": true,
+ *        "terms": { "payee": "0x...", "token": "0x...", ... }
+ *      }
+ *    }
+ *  }
+ *  ```
+ *
+ *  This is a server-side-only extension — it adds metadata to the PaymentRequired
+ *  response but does not validate incoming payment payloads. Agreement validation
+ *  happens in AzethSIWxStorage.hasPaid().
+ */
+export declare function createPaymentAgreementExtension(terms: AgreementTerms): ResourceServerExtension;
+//# sourceMappingURL=payment-agreement.d.ts.map

package/dist/extensions/payment-agreement.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"payment-agreement.d.ts","sourceRoot":"","sources":["../../src/extensions/payment-agreement.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAEhE;yFACyF;AACzF,MAAM,WAAW,cAAc;IAC7B,4BAA4B;IAC5B,KAAK,EAAE,KAAK,MAAM,EAAE,CAAC;IACrB,yCAAyC;IACzC,KAAK,EAAE,KAAK,MAAM,EAAE,CAAC;IACrB,8CAA8C;IAC9C,aAAa,EAAE,KAAK,MAAM,EAAE,CAAC;IAC7B,0DAA0D;IAC1D,oBAAoB,EAAE,MAAM,CAAC;IAC7B,4DAA4D;IAC5D,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,2DAA2D;AAC3D,eAAO,MAAM,qBAAqB,sBAAsB,CAAC;AAEzD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,+BAA+B,CAAC,KAAK,EAAE,cAAc,GAAG,uBAAuB,CAkB9F"}

package/dist/extensions/payment-agreement.js

@@ -0,0 +1,39 @@
+/** Extension key used in 402 response extensions object */
+export const PAYMENT_AGREEMENT_KEY = 'payment-agreement';
+/** Create a custom ResourceServerExtension that adds agreement terms to the 402 response.
+ *
+ *  Clients see in the 402 response:
+ *  ```json
+ *  {
+ *    "extensions": {
+ *      "payment-agreement": {
+ *        "acceptsAgreements": true,
+ *        "terms": { "payee": "0x...", "token": "0x...", ... }
+ *      }
+ *    }
+ *  }
+ *  ```
+ *
+ *  This is a server-side-only extension — it adds metadata to the PaymentRequired
+ *  response but does not validate incoming payment payloads. Agreement validation
+ *  happens in AzethSIWxStorage.hasPaid().
+ */
+export function createPaymentAgreementExtension(terms) {
+    return {
+        key: PAYMENT_AGREEMENT_KEY,
+        /** Enrich the 402 PaymentRequired response with agreement terms */
+        async enrichPaymentRequiredResponse(_declaration, _context) {
+            return {
+                acceptsAgreements: true,
+                terms: {
+                    payee: terms.payee,
+                    token: terms.token,
+                    moduleAddress: terms.moduleAddress,
+                    minAmountPerInterval: terms.minAmountPerInterval,
+                    suggestedInterval: terms.suggestedInterval,
+                },
+            };
+        },
+    };
+}
+//# sourceMappingURL=payment-agreement.js.map

package/dist/extensions/payment-agreement.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"payment-agreement.js","sourceRoot":"","sources":["../../src/extensions/payment-agreement.ts"],"names":[],"mappings":"AAiBA,2DAA2D;AAC3D,MAAM,CAAC,MAAM,qBAAqB,GAAG,mBAAmB,CAAC;AAEzD;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,+BAA+B,CAAC,KAAqB;IACnE,OAAO;QACL,GAAG,EAAE,qBAAqB;QAE1B,mEAAmE;QACnE,KAAK,CAAC,6BAA6B,CAAC,YAAqB,EAAE,QAAiB;YAC1E,OAAO;gBACL,iBAAiB,EAAE,IAAI;gBACvB,KAAK,EAAE;oBACL,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,aAAa,EAAE,KAAK,CAAC,aAAa;oBAClC,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;oBAChD,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;iBAC3C;aACF,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+export { createX402Stack, createX402StackFromEnv, CAIP2_NETWORKS, LocalFacilitatorClient, declareSIWxExtension, paymentMiddlewareFromHTTPServer, } from './stack.js';
+export type { X402StackConfig, X402Stack, RoutesConfig, x402HTTPResourceServer, } from './stack.js';
+export { AzethSIWxStorage } from './storage.js';
+export type { AzethSIWxStorageConfig } from './storage.js';
+export { AgreementKeeper } from './agreement-keeper.js';
+export type { AgreementKeeperConfig } from './agreement-keeper.js';
+export { findActiveAgreementForPayee, clearAgreementCache, setAgreementCacheTtl } from './agreement-cache.js';
+export { createPaymentAgreementExtension, PAYMENT_AGREEMENT_KEY } from './extensions/payment-agreement.js';
+export type { AgreementTerms } from './extensions/payment-agreement.js';
+export { preSettledPaymentMiddleware } from './middleware/pre-settled.js';
+export type { ProviderEnv } from './middleware/pre-settled.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,eAAe,EACf,sBAAsB,EACtB,cAAc,EACd,sBAAsB,EAEtB,oBAAoB,EACpB,+BAA+B,GAChC,MAAM,YAAY,CAAC;AACpB,YAAY,EACV,eAAe,EACf,SAAS,EACT,YAAY,EACZ,sBAAsB,GACvB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,YAAY,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAG3D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,YAAY,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAGnE,OAAO,EAAE,2BAA2B,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAG9G,OAAO,EAAE,+BAA+B,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAC3G,YAAY,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AAGxE,OAAO,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAC;AAC1E,YAAY,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC"}

package/dist/index.js

@@ -0,0 +1,15 @@
+// x402 stack — core provider functionality
+export { createX402Stack, createX402StackFromEnv, CAIP2_NETWORKS, LocalFacilitatorClient, 
+// Re-exported x402 types
+declareSIWxExtension, paymentMiddlewareFromHTTPServer, } from './stack.js';
+// Agreement-aware SIWx storage
+export { AzethSIWxStorage } from './storage.js';
+// Agreement keeper — periodic execution of due agreements
+export { AgreementKeeper } from './agreement-keeper.js';
+// Agreement cache — LRU cache with stale-on-error
+export { findActiveAgreementForPayee, clearAgreementCache, setAgreementCacheTtl } from './agreement-cache.js';
+// Payment agreement extension
+export { createPaymentAgreementExtension, PAYMENT_AGREEMENT_KEY } from './extensions/payment-agreement.js';
+// Pre-settled payment middleware
+export { preSettledPaymentMiddleware } from './middleware/pre-settled.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,2CAA2C;AAC3C,OAAO,EACL,eAAe,EACf,sBAAsB,EACtB,cAAc,EACd,sBAAsB;AACtB,yBAAyB;AACzB,oBAAoB,EACpB,+BAA+B,GAChC,MAAM,YAAY,CAAC;AAQpB,+BAA+B;AAC/B,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGhD,0DAA0D;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAGxD,kDAAkD;AAClD,OAAO,EAAE,2BAA2B,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAE9G,8BAA8B;AAC9B,OAAO,EAAE,+BAA+B,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAG3G,iCAAiC;AACjC,OAAO,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAC"}

package/dist/middleware/pre-settled.d.ts

@@ -0,0 +1,29 @@
+import type { Context, Env, Next } from 'hono';
+import { type SupportedChainName } from '@azeth/common';
+/** Minimal Hono env for pre-settled payment middleware.
+ *  Consumer apps can extend this with their own variables. */
+export interface ProviderEnv extends Env {
+    Variables: {
+        paymentFrom: `0x${string}`;
+        paymentAmount: bigint;
+        paymentTxHash: `0x${string}`;
+    };
+}
+/** Pre-settled payment verification middleware.
+ *
+ *  Checks for X-Payment-Tx header. If present, verifies the transaction on-chain
+ *  by decoding USDC Transfer event logs and confirming the payment meets requirements.
+ *
+ *  When valid: sets context variables (paymentFrom, paymentAmount, paymentTxHash)
+ *  and calls next() — downstream x402 middleware should be skipped.
+ *
+ *  When invalid: falls through to let x402 middleware handle normally.
+ */
+export declare function preSettledPaymentMiddleware(config: {
+    payTo: `0x${string}`;
+    usdcAddress: `0x${string}`;
+    priceAtomicAmount: bigint;
+    rpcUrl?: string;
+    chainName?: SupportedChainName;
+}): (c: Context<ProviderEnv>, next: Next) => Promise<void>;
+//# sourceMappingURL=pre-settled.d.ts.map

package/dist/middleware/pre-settled.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pre-settled.d.ts","sourceRoot":"","sources":["../../src/middleware/pre-settled.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE/C,OAAO,EAAoB,KAAK,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAE1E;8DAC8D;AAC9D,MAAM,WAAW,WAAY,SAAQ,GAAG;IACtC,SAAS,EAAE;QACT,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;QAC3B,aAAa,EAAE,MAAM,CAAC;QACtB,aAAa,EAAE,KAAK,MAAM,EAAE,CAAC;KAC9B,CAAC;CACH;AASD;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CAAC,MAAM,EAAE;IAClD,KAAK,EAAE,KAAK,MAAM,EAAE,CAAC;IACrB,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,kBAAkB,CAAC;CAChC,IAOe,GAAG,OAAO,CAAC,WAAW,CAAC,EAAE,MAAM,IAAI,mBA4DlD"}

package/dist/middleware/pre-settled.js

@@ -0,0 +1,80 @@
+import { createPublicClient, http, parseAbiItem } from 'viem';
+import { resolveViemChain } from '@azeth/common';
+/** USDC Transfer(address,address,uint256) event topic */
+const TRANSFER_EVENT = parseAbiItem('event Transfer(address indexed from, address indexed to, uint256 value)');
+/** Track consumed tx hashes to prevent replay (one payment = one access) */
+const usedTxHashes = new Set();
+const MAX_USED_TX_HASHES = 50_000;
+/** Pre-settled payment verification middleware.
+ *
+ *  Checks for X-Payment-Tx header. If present, verifies the transaction on-chain
+ *  by decoding USDC Transfer event logs and confirming the payment meets requirements.
+ *
+ *  When valid: sets context variables (paymentFrom, paymentAmount, paymentTxHash)
+ *  and calls next() — downstream x402 middleware should be skipped.
+ *
+ *  When invalid: falls through to let x402 middleware handle normally.
+ */
+export function preSettledPaymentMiddleware(config) {
+    const chain = resolveViemChain(config.chainName ?? 'baseSepolia');
+    const publicClient = createPublicClient({
+        chain,
+        transport: http(config.rpcUrl),
+    });
+    return async (c, next) => {
+        const txHashHeader = c.req.header('X-Payment-Tx');
+        if (!txHashHeader || !/^0x[0-9a-fA-F]{64}$/.test(txHashHeader)) {
+            return next();
+        }
+        const txHash = txHashHeader;
+        // Reject already-consumed tx hashes before making RPC call
+        if (usedTxHashes.has(txHash)) {
+            return next(); // Fall through to x402
+        }
+        try {
+            const receipt = await publicClient.getTransactionReceipt({ hash: txHash });
+            if (receipt.status !== 'success') {
+                return next(); // Transaction failed, fall through to x402
+            }
+            // Find USDC Transfer event matching requirements
+            for (const log of receipt.logs) {
+                if (log.address.toLowerCase() !== config.usdcAddress.toLowerCase())
+                    continue;
+                if (log.topics.length < 3)
+                    continue;
+                // topics[0] = event sig, topics[1] = from, topics[2] = to
+                const eventSig = log.topics[0];
+                if (eventSig !== '0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef')
+                    continue;
+                const toAddress = `0x${log.topics[2].slice(26)}`;
+                if (toAddress.toLowerCase() !== config.payTo.toLowerCase())
+                    continue;
+                // Decode value from log data
+                const value = BigInt(log.data);
+                if (value < config.priceAtomicAmount)
+                    continue;
+                // Valid pre-settled payment found — extract `from` from the on-chain log,
+                // NOT the client-controlled header (which could be spoofed).
+                const logFrom = `0x${log.topics[1].slice(26)}`;
+                c.set('paymentFrom', logFrom);
+                c.set('paymentAmount', value);
+                c.set('paymentTxHash', txHash);
+                // Mark tx hash as consumed — prevents replay
+                usedTxHashes.add(txHash);
+                if (usedTxHashes.size > MAX_USED_TX_HASHES) {
+                    const oldest = usedTxHashes.values().next().value;
+                    if (oldest !== undefined)
+                        usedTxHashes.delete(oldest);
+                }
+                // Set a flag for downstream to know payment is pre-settled
+                c['preSettledVerified'] = true;
+                return next();
+            }
+        }
+        catch {
+            // RPC error or tx not found — fall through to x402
+        }
+        return next();
+    };
+}
+//# sourceMappingURL=pre-settled.js.map

package/dist/middleware/pre-settled.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pre-settled.js","sourceRoot":"","sources":["../../src/middleware/pre-settled.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,YAAY,EAAiD,MAAM,MAAM,CAAC;AAC7G,OAAO,EAAE,gBAAgB,EAA2B,MAAM,eAAe,CAAC;AAY1E,yDAAyD;AACzD,MAAM,cAAc,GAAG,YAAY,CAAC,yEAAyE,CAAC,CAAC;AAE/G,4EAA4E;AAC5E,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;AACvC,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAElC;;;;;;;;;GASG;AACH,MAAM,UAAU,2BAA2B,CAAC,MAM3C;IACC,MAAM,KAAK,GAAU,gBAAgB,CAAC,MAAM,CAAC,SAAS,IAAI,aAAa,CAAC,CAAC;IACzE,MAAM,YAAY,GAAmC,kBAAkB,CAAC;QACtE,KAAK;QACL,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;KAC/B,CAAC,CAAC;IAEH,OAAO,KAAK,EAAE,CAAuB,EAAE,IAAU,EAAE,EAAE;QACnD,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QAClD,IAAI,CAAC,YAAY,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YAC/D,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,MAAM,MAAM,GAAG,YAA6B,CAAC;QAE7C,2DAA2D;QAC3D,IAAI,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,OAAO,IAAI,EAAE,CAAC,CAAC,uBAAuB;QACxC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,qBAAqB,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAE3E,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBACjC,OAAO,IAAI,EAAE,CAAC,CAAC,2CAA2C;YAC5D,CAAC;YAED,iDAAiD;YACjD,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBAC/B,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE;oBAAE,SAAS;gBAC7E,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;oBAAE,SAAS;gBAEpC,0DAA0D;gBAC1D,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBAC/B,IAAI,QAAQ,KAAK,oEAAoE;oBAAE,SAAS;gBAEhG,MAAM,SAAS,GAAG,KAAK,GAAG,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAmB,CAAC;gBACnE,IAAI,SAAS,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE;oBAAE,SAAS;gBAErE,6BAA6B;gBAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC/B,IAAI,KAAK,GAAG,MAAM,CAAC,iBAAiB;oBAAE,SAAS;gBAE/C,0EAA0E;gBAC1E,6DAA6D;gBAC7D,MAAM,OAAO,GAAG,KAAK,GAAG,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAmB,CAAC;gBACjE,CAAC,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;gBAC9B,CAAC,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;gBAC9B,CAAC,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;gBAE/B,6CAA6C;gBAC7C,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBACzB,IAAI,YAAY,CAAC,IAAI,GAAG,kBAAkB,EAAE,CAAC;oBAC3C,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC;oBAClD,IAAI,MAAM,KAAK,SAAS;wBAAE,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBACxD,CAAC;gBAED,2DAA2D;gBAC1D,CAAwC,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC;gBACvE,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,mDAAmD;QACrD,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}

package/dist/stack.d.ts

@@ -0,0 +1,75 @@
+import { type PublicClient, type WalletClient, type Chain, type Transport, type Account } from 'viem';
+import { type SupportedChainName } from '@azeth/common';
+import { x402Facilitator } from '@x402/core/facilitator';
+import { x402ResourceServer, x402HTTPResourceServer, type FacilitatorClient, type RoutesConfig } from '@x402/core/server';
+import type { PaymentPayload, PaymentRequirements, VerifyResponse, SettleResponse, SupportedResponse } from '@x402/core/types';
+import { AzethSIWxStorage } from './storage.js';
+import { type AgreementTerms } from './extensions/payment-agreement.js';
+/** CAIP-2 network identifiers for supported chains */
+export declare const CAIP2_NETWORKS: Record<SupportedChainName, `eip155:${string}`>;
+/** Configuration for the x402 stack */
+export interface X402StackConfig {
+    /** Chain name */
+    chainName: SupportedChainName;
+    /** Network in CAIP-2 format */
+    network: `eip155:${string}`;
+    /** Payment recipient address */
+    payTo: `0x${string}`;
+    /** Wallet client for gas settlement */
+    walletClient: WalletClient<Transport, Chain, Account>;
+    /** Public client for on-chain reads */
+    publicClient: PublicClient<Transport, Chain>;
+    /** Agreement terms (null = agreements disabled) */
+    agreementTerms?: AgreementTerms | null;
+}
+/** The complete x402 V2 stack returned by createX402Stack */
+export interface X402Stack {
+    /** Self-hosted facilitator */
+    facilitator: x402Facilitator;
+    /** Resource server wrapping the facilitator */
+    server: x402ResourceServer;
+    /** HTTP server wrapping the resource server with routes */
+    httpServer: x402HTTPResourceServer;
+    /** Agreement-aware SIWx storage */
+    storage: AzethSIWxStorage;
+    /** Public client for on-chain reads (needed by keeper) */
+    publicClient: PublicClient<Transport, Chain>;
+    /** Wallet client for gas settlement (needed by keeper) */
+    walletClient: WalletClient<Transport, Chain, Account>;
+}
+/** Wraps x402Facilitator as a FacilitatorClient for in-process use.
+ *  Avoids HTTP round-trips by calling the facilitator directly. */
+export declare class LocalFacilitatorClient implements FacilitatorClient {
+    private readonly f;
+    constructor(facilitator: x402Facilitator);
+    verify(paymentPayload: PaymentPayload, paymentRequirements: PaymentRequirements): Promise<VerifyResponse>;
+    settle(paymentPayload: PaymentPayload, paymentRequirements: PaymentRequirements): Promise<SettleResponse>;
+    getSupported(): Promise<SupportedResponse>;
+}
+/** Create the complete x402 V2 stack with self-hosted facilitator, SIWx sessions,
+ *  and payment agreement support.
+ *
+ *  Architecture:
+ *  1. Self-hosted facilitator (we control settlement, no external dependency)
+ *  2. Resource server with EVM price parsing
+ *  3. SIWx extension for wallet-based sessions
+ *  4. Payment-agreement extension for subscription terms
+ *  5. Agreement-aware SIWx storage for hybrid access
+ *
+ *  @param config - Stack configuration
+ *  @param routes - Route configurations for protected endpoints
+ *  @returns Complete x402 stack
+ */
+export declare function createX402Stack(config: X402StackConfig, routes: RoutesConfig): X402Stack;
+/** Create a complete x402 stack from environment variables.
+ *  Returns null if required keys are missing (graceful degradation).
+ *
+ *  Unlike the server's version, this creates its own publicClient
+ *  directly from the RPC URL — no dependency on external singletons.
+ */
+export declare function createX402StackFromEnv(routes: RoutesConfig): X402Stack | null;
+export { declareSIWxExtension } from '@x402/extensions/sign-in-with-x';
+export { paymentMiddlewareFromHTTPServer } from '@x402/hono';
+export type { RoutesConfig } from '@x402/core/server';
+export type { x402HTTPResourceServer } from '@x402/core/server';
+//# sourceMappingURL=stack.d.ts.map

package/dist/stack.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stack.d.ts","sourceRoot":"","sources":["../src/stack.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,KAAK,EACV,KAAK,SAAS,EACd,KAAK,OAAO,EACb,MAAM,MAAM,CAAC;AAGd,OAAO,EAA6C,KAAK,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnG,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,KAAK,iBAAiB,EAAE,KAAK,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC1H,OAAO,KAAK,EAAE,cAAc,EAAE,mBAAmB,EAAE,cAAc,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAU/H,OAAO,EAAE,gBAAgB,EAA+B,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAmC,KAAK,cAAc,EAAE,MAAM,mCAAmC,CAAC;AAEzG,sDAAsD;AACtD,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,kBAAkB,EAAE,UAAU,MAAM,EAAE,CAKzE,CAAC;AAEF,uCAAuC;AACvC,MAAM,WAAW,eAAe;IAC9B,iBAAiB;IACjB,SAAS,EAAE,kBAAkB,CAAC;IAC9B,+BAA+B;IAC/B,OAAO,EAAE,UAAU,MAAM,EAAE,CAAC;IAC5B,gCAAgC;IAChC,KAAK,EAAE,KAAK,MAAM,EAAE,CAAC;IACrB,uCAAuC;IACvC,YAAY,EAAE,YAAY,CAAC,SAAS,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IACtD,uCAAuC;IACvC,YAAY,EAAE,YAAY,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAC7C,mDAAmD;IACnD,cAAc,CAAC,EAAE,cAAc,GAAG,IAAI,CAAC;CACxC;AAED,6DAA6D;AAC7D,MAAM,WAAW,SAAS;IACxB,8BAA8B;IAC9B,WAAW,EAAE,eAAe,CAAC;IAC7B,+CAA+C;IAC/C,MAAM,EAAE,kBAAkB,CAAC;IAC3B,2DAA2D;IAC3D,UAAU,EAAE,sBAAsB,CAAC;IACnC,mCAAmC;IACnC,OAAO,EAAE,gBAAgB,CAAC;IAC1B,0DAA0D;IAC1D,YAAY,EAAE,YAAY,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAC7C,0DAA0D;IAC1D,YAAY,EAAE,YAAY,CAAC,SAAS,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;CACvD;AAED;mEACmE;AACnE,qBAAa,sBAAuB,YAAW,iBAAiB;IAC9D,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAkB;gBAExB,WAAW,EAAE,eAAe;IAIlC,MAAM,CAAC,cAAc,EAAE,cAAc,EAAE,mBAAmB,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC;IAIzG,MAAM,CAAC,cAAc,EAAE,cAAc,EAAE,mBAAmB,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC;IAIzG,YAAY,IAAI,OAAO,CAAC,iBAAiB,CAAC;CAMjD;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,eAAe,EACvB,MAAM,EAAE,YAAY,GACnB,SAAS,CAgEX;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,YAAY,GACnB,SAAS,GAAG,IAAI,CA+DlB;AAGD,OAAO,EAAE,oBAAoB,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,EAAE,+BAA+B,EAAE,MAAM,YAAY,CAAC;AAC7D,YAAY,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACtD,YAAY,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/stack.js

@@ -0,0 +1,169 @@
+import { createPublicClient, createWalletClient, http, } from 'viem';
+import { publicActions } from 'viem';
+import { privateKeyToAccount } from 'viem/accounts';
+import { TOKENS, AZETH_CONTRACTS, resolveViemChain } from '@azeth/common';
+import { x402Facilitator } from '@x402/core/facilitator';
+import { x402ResourceServer, x402HTTPResourceServer } from '@x402/core/server';
+import { registerExactEvmScheme as registerFacilitatorEvm } from '@x402/evm/exact/facilitator';
+import { registerExactEvmScheme as registerServerEvm } from '@x402/evm/exact/server';
+import { toFacilitatorEvmSigner } from '@x402/evm';
+import { siwxResourceServerExtension, createSIWxSettleHook, createSIWxRequestHook, } from '@x402/extensions/sign-in-with-x';
+import { AzethSIWxStorage } from './storage.js';
+import { createPaymentAgreementExtension } from './extensions/payment-agreement.js';
+/** CAIP-2 network identifiers for supported chains */
+export const CAIP2_NETWORKS = {
+    base: 'eip155:8453',
+    baseSepolia: 'eip155:84532',
+    ethereumSepolia: 'eip155:11155111',
+    ethereum: 'eip155:1',
+};
+/** Wraps x402Facilitator as a FacilitatorClient for in-process use.
+ *  Avoids HTTP round-trips by calling the facilitator directly. */
+export class LocalFacilitatorClient {
+    f;
+    constructor(facilitator) {
+        this.f = facilitator;
+    }
+    async verify(paymentPayload, paymentRequirements) {
+        return this.f.verify(paymentPayload, paymentRequirements);
+    }
+    async settle(paymentPayload, paymentRequirements) {
+        return this.f.settle(paymentPayload, paymentRequirements);
+    }
+    async getSupported() {
+        // x402Facilitator.getSupported() returns network as plain string,
+        // but FacilitatorClient expects Network (`${string}:${string}`).
+        // The values are always CAIP-2 formatted, so the cast is safe.
+        return this.f.getSupported();
+    }
+}
+/** Create the complete x402 V2 stack with self-hosted facilitator, SIWx sessions,
+ *  and payment agreement support.
+ *
+ *  Architecture:
+ *  1. Self-hosted facilitator (we control settlement, no external dependency)
+ *  2. Resource server with EVM price parsing
+ *  3. SIWx extension for wallet-based sessions
+ *  4. Payment-agreement extension for subscription terms
+ *  5. Agreement-aware SIWx storage for hybrid access
+ *
+ *  @param config - Stack configuration
+ *  @param routes - Route configurations for protected endpoints
+ *  @returns Complete x402 stack
+ */
+export function createX402Stack(config, routes) {
+    // 1. Create facilitator signer from wallet+public client
+    const combinedClient = config.walletClient.extend(publicActions);
+    // Cast needed: viem's verifyTypedData uses strict TypedDataParameter[] types
+    // while @x402's FacilitatorEvmSigner uses simplified Record<string, unknown>.
+    // Runtime behavior is identical — this is a type-level mismatch only.
+    const signer = toFacilitatorEvmSigner(combinedClient);
+    // 2. Self-hosted facilitator with EVM exact scheme
+    const facilitator = new x402Facilitator();
+    registerFacilitatorEvm(facilitator, {
+        signer,
+        networks: config.network,
+        deployERC4337WithEIP6492: true,
+    });
+    // 3. Local facilitator client (no HTTP round-trips)
+    const facilitatorClient = new LocalFacilitatorClient(facilitator);
+    // 4. Resource server with EVM scheme
+    const server = new x402ResourceServer(facilitatorClient);
+    registerServerEvm(server);
+    // 5. Register SIWx extension (wallet sessions)
+    server.registerExtension(siwxResourceServerExtension);
+    // 6. Register payment-agreement extension if configured
+    if (config.agreementTerms) {
+        server.registerExtension(createPaymentAgreementExtension(config.agreementTerms));
+    }
+    // 7. Agreement-aware SIWx storage
+    const storageConfig = {
+        publicClient: config.publicClient,
+        servicePayee: config.payTo,
+        serviceToken: config.agreementTerms?.token
+            ? config.agreementTerms.token
+            : undefined,
+        moduleAddress: config.agreementTerms?.moduleAddress
+            ? config.agreementTerms.moduleAddress
+            : undefined,
+        minAgreementAmount: config.agreementTerms?.minAmountPerInterval
+            ? BigInt(config.agreementTerms.minAmountPerInterval)
+            : undefined,
+    };
+    const storage = new AzethSIWxStorage(storageConfig);
+    // 8. SIWx hooks: session recording + request validation
+    facilitator.onAfterSettle(createSIWxSettleHook({ storage }));
+    // 9. HTTP server wraps resource server + routes
+    const httpServer = new x402HTTPResourceServer(server, routes);
+    httpServer.onProtectedRequest(createSIWxRequestHook({
+        storage,
+        verifyOptions: {
+            // publicClient.verifyMessage satisfies EVMMessageVerifier —
+            // enables EIP-1271 (deployed smart wallets) and EIP-6492 (counterfactual)
+            evmVerifier: config.publicClient.verifyMessage,
+        },
+    }));
+    return { facilitator, server, httpServer, storage, publicClient: config.publicClient, walletClient: config.walletClient };
+}
+/** Create a complete x402 stack from environment variables.
+ *  Returns null if required keys are missing (graceful degradation).
+ *
+ *  Unlike the server's version, this creates its own publicClient
+ *  directly from the RPC URL — no dependency on external singletons.
+ */
+export function createX402StackFromEnv(routes) {
+    const privateKey = process.env['X402_FACILITATOR_KEY'] ?? process.env['DEPLOYER_PRIVATE_KEY'];
+    const payTo = process.env['X402_PAY_TO'];
+    if (!privateKey || !payTo) {
+        return null;
+    }
+    // Validate address format
+    if (!/^0x[0-9a-fA-F]{40}$/.test(payTo)) {
+        console.error('[AzethProvider] Invalid X402_PAY_TO address format');
+        return null;
+    }
+    const chainName = (process.env['AZETH_CHAIN'] ?? 'baseSepolia');
+    const chain = resolveViemChain(chainName);
+    const network = CAIP2_NETWORKS[chainName];
+    const rpcUrl = process.env['AZETH_RPC_URL'] ?? process.env['BASE_RPC_URL'];
+    let formattedKey = privateKey;
+    if (!formattedKey.startsWith('0x')) {
+        formattedKey = `0x${formattedKey}`;
+    }
+    const account = privateKeyToAccount(formattedKey);
+    const walletClient = createWalletClient({
+        account,
+        chain,
+        transport: http(rpcUrl),
+    });
+    // Create publicClient directly — no dependency on external singletons
+    const publicClient = createPublicClient({
+        chain,
+        transport: http(rpcUrl),
+    });
+    // Build agreement terms from env + contract addresses
+    const contracts = AZETH_CONTRACTS[chainName];
+    const moduleAddress = contracts?.paymentAgreementModule;
+    const usdcAddress = TOKENS[chainName].USDC;
+    const agreementTerms = moduleAddress
+        ? {
+            payee: payTo,
+            token: usdcAddress,
+            moduleAddress: moduleAddress,
+            minAmountPerInterval: process.env['X402_AGREEMENT_MIN_AMOUNT'] ?? '10000',
+            suggestedInterval: 86400,
+        }
+        : null;
+    return createX402Stack({
+        chainName,
+        network,
+        payTo: payTo,
+        walletClient,
+        publicClient,
+        agreementTerms,
+    }, routes);
+}
+// Re-export x402 types so consumers don't need direct @x402/* dependencies
+export { declareSIWxExtension } from '@x402/extensions/sign-in-with-x';
+export { paymentMiddlewareFromHTTPServer } from '@x402/hono';
+//# sourceMappingURL=stack.js.map

package/dist/stack.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stack.js","sourceRoot":"","sources":["../src/stack.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,IAAI,GAML,MAAM,MAAM,CAAC;AACd,OAAO,EAAE,aAAa,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,gBAAgB,EAA2B,MAAM,eAAe,CAAC;AACnG,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,sBAAsB,EAA6C,MAAM,mBAAmB,CAAC;AAE1H,OAAO,EAAE,sBAAsB,IAAI,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAC/F,OAAO,EAAE,sBAAsB,IAAI,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AACrF,OAAO,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EACL,2BAA2B,EAC3B,oBAAoB,EACpB,qBAAqB,GAEtB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,gBAAgB,EAA+B,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAE,+BAA+B,EAAuB,MAAM,mCAAmC,CAAC;AAEzG,sDAAsD;AACtD,MAAM,CAAC,MAAM,cAAc,GAAmD;IAC5E,IAAI,EAAE,aAAa;IACnB,WAAW,EAAE,cAAc;IAC3B,eAAe,EAAE,iBAAiB;IAClC,QAAQ,EAAE,UAAU;CACrB,CAAC;AAkCF;mEACmE;AACnE,MAAM,OAAO,sBAAsB;IAChB,CAAC,CAAkB;IAEpC,YAAY,WAA4B;QACtC,IAAI,CAAC,CAAC,GAAG,WAAW,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,cAA8B,EAAE,mBAAwC;QACnF,OAAO,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,cAA8B,EAAE,mBAAwC;QACnF,OAAO,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,kEAAkE;QAClE,iEAAiE;QACjE,+DAA+D;QAC/D,OAAO,IAAI,CAAC,CAAC,CAAC,YAAY,EAAkC,CAAC;IAC/D,CAAC;CACF;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAuB,EACvB,MAAoB;IAEpB,yDAAyD;IACzD,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IACjE,6EAA6E;IAC7E,8EAA8E;IAC9E,sEAAsE;IACtE,MAAM,MAAM,GAAG,sBAAsB,CACnC,cAAyE,CAC1E,CAAC;IAEF,mDAAmD;IACnD,MAAM,WAAW,GAAG,IAAI,eAAe,EAAE,CAAC;IAC1C,sBAAsB,CAAC,WAAW,EAAE;QAClC,MAAM;QACN,QAAQ,EAAE,MAAM,CAAC,OAAO;QACxB,wBAAwB,EAAE,IAAI;KAC/B,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,iBAAiB,GAAG,IAAI,sBAAsB,CAAC,WAAW,CAAC,CAAC;IAElE,qCAAqC;IACrC,MAAM,MAAM,GAAG,IAAI,kBAAkB,CAAC,iBAAiB,CAAC,CAAC;IACzD,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAE1B,+CAA+C;IAC/C,MAAM,CAAC,iBAAiB,CAAC,2BAA2B,CAAC,CAAC;IAEtD,wDAAwD;IACxD,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC1B,MAAM,CAAC,iBAAiB,CAAC,+BAA+B,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;IACnF,CAAC;IAED,kCAAkC;IAClC,MAAM,aAAa,GAA2B;QAC5C,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,YAAY,EAAE,MAAM,CAAC,KAAK;QAC1B,YAAY,EAAE,MAAM,CAAC,cAAc,EAAE,KAAK;YACxC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,KAAsB;YAC9C,CAAC,CAAC,SAAS;QACb,aAAa,EAAE,MAAM,CAAC,cAAc,EAAE,aAAa;YACjD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,aAA8B;YACtD,CAAC,CAAC,SAAS;QACb,kBAAkB,EAAE,MAAM,CAAC,cAAc,EAAE,oBAAoB;YAC7D,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,oBAAoB,CAAC;YACpD,CAAC,CAAC,SAAS;KACd,CAAC;IACF,MAAM,OAAO,GAAG,IAAI,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAEpD,wDAAwD;IACxD,WAAW,CAAC,aAAa,CAAC,oBAAoB,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IAE7D,gDAAgD;IAChD,MAAM,UAAU,GAAG,IAAI,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9D,UAAU,CAAC,kBAAkB,CAAC,qBAAqB,CAAC;QAClD,OAAO;QACP,aAAa,EAAE;YACb,4DAA4D;YAC5D,0EAA0E;YAC1E,WAAW,EAAE,MAAM,CAAC,YAAY,CAAC,aAAa;SAC/C;KACF,CAAC,CAAC,CAAC;IAEJ,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,EAAE,CAAC;AAC5H,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CACpC,MAAoB;IAEpB,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAC9F,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAEzC,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0BAA0B;IAC1B,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACvC,OAAO,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACpE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,SAAS,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,aAAa,CAAuB,CAAC;IACtF,MAAM,KAAK,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAE3E,IAAI,YAAY,GAAG,UAAU,CAAC;IAC9B,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,YAAY,GAAG,KAAK,YAAY,EAAE,CAAC;IACrC,CAAC;IAED,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAA6B,CAAC,CAAC;IACnE,MAAM,YAAY,GAAG,kBAAkB,CAAC;QACtC,OAAO;QACP,KAAK;QACL,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC;KACxB,CAA4C,CAAC;IAE9C,sEAAsE;IACtE,MAAM,YAAY,GAAG,kBAAkB,CAAC;QACtC,KAAK;QACL,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC;KACxB,CAAmC,CAAC;IAErC,sDAAsD;IACtD,MAAM,SAAS,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAC7C,MAAM,aAAa,GAAG,SAAS,EAAE,sBAAsB,CAAC;IACxD,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;IAE3C,MAAM,cAAc,GAA0B,aAAa;QACzD,CAAC,CAAC;YACE,KAAK,EAAE,KAAsB;YAC7B,KAAK,EAAE,WAAW;YAClB,aAAa,EAAE,aAA8B;YAC7C,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,IAAI,OAAO;YACzE,iBAAiB,EAAE,KAAK;SACzB;QACH,CAAC,CAAC,IAAI,CAAC;IAET,OAAO,eAAe,CACpB;QACE,SAAS;QACT,OAAO;QACP,KAAK,EAAE,KAAsB;QAC7B,YAAY;QACZ,YAAY;QACZ,cAAc;KACf,EACD,MAAM,CACP,CAAC;AACJ,CAAC;AAED,2EAA2E;AAC3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,EAAE,+BAA+B,EAAE,MAAM,YAAY,CAAC"}

package/dist/storage.d.ts

@@ -0,0 +1,48 @@
+import type { PublicClient, Chain, Transport } from 'viem';
+import type { SIWxStorage } from '@x402/extensions/sign-in-with-x';
+import type { AgreementKeeper } from './agreement-keeper.js';
+/** Configuration for agreement-aware SIWx storage */
+export interface AzethSIWxStorageConfig {
+    /** viem public client for on-chain reads */
+    publicClient: PublicClient<Transport, Chain>;
+    /** The service's payment recipient address */
+    servicePayee: `0x${string}`;
+    /** Token address the service accepts (e.g., USDC) */
+    serviceToken?: `0x${string}`;
+    /** PaymentAgreementModule contract address */
+    moduleAddress?: `0x${string}`;
+    /** Minimum agreement amount per interval */
+    minAgreementAmount?: bigint;
+}
+export declare class AzethSIWxStorage implements SIWxStorage {
+    private readonly paymentRecords;
+    private readonly usedNonces;
+    private readonly config;
+    private keeper;
+    constructor(config: AzethSIWxStorageConfig);
+    /** Inject the agreement keeper after construction.
+     *  Called from server startup to avoid circular initialization. */
+    setKeeper(keeper: AgreementKeeper): void;
+    /** Check if an address has paid for a resource.
+     *
+     *  Two-tier lookup:
+     *  1. Check in-memory payment records (x402 settlement — permanent grant)
+     *  2. Check on-chain agreements (subscription — re-verified every ~60s via cache TTL)
+     *
+     *  Settlement grants (recordPayment) are permanent for the session.
+     *  Agreement grants are NOT cached permanently — they are re-verified on each
+     *  call via findActiveAgreementForPayee (which uses a 60s TTL cache internally).
+     *  This ensures that if a payer's balance drops to zero, their access is revoked
+     *  within ~60s instead of being permanently granted.
+     */
+    hasPaid(resource: string, address: string): Promise<boolean>;
+    /** Record that an address has paid for a resource */
+    recordPayment(resource: string, address: string): void;
+    /** Check if a nonce has been used (replay prevention) */
+    hasUsedNonce(nonce: string): boolean;
+    /** Record a nonce as used */
+    recordNonce(nonce: string): void;
+    /** Synchronous payment record helper */
+    private recordPaymentSync;
+}
+//# sourceMappingURL=storage.d.ts.map